Last modified: 24 January 2019
Girls in Tech Inc (“Girls in Tech“, “we”, “us”) believes it is important that you understand how we collect, store, share and use information from and about our website visitors and registered users on the website: https://girlsintech.org. The purpose of this fair processing notice (“Notice”) and our cookie notice is to clearly describe how we collect, use and disclose personal data collected through the website or in the course of our business activities conducted offline when such processing is governed by the EU General Data Protection Regulation (“GDPR”).
For the purposes of GDPR, Girls in Tech is the controller of any personal data collected from you on the website or otherwise for the purpose of conducting or developing our business with you. We are an educational non-profit for women in technology located in the United States of America at 575 Market Street, 5th Floor, San Francisco, CA 94105, USA. We have appointed a representative in the European Union, who can be contacted at: Kimiya Shams [email protected]
For the purposes of this Notice, personal data means any information relating to an identified or identifiable person. Please read this Policy carefully as it provides important information about how we use personal data and explains your legal rights.
Girls in Tech have local chapters who act as separate controllers and have their own privacy policies so please refer to the relevant policy on any website that you visit.
Girls in Tech collects and uses personal details which you provide in order to access portions of the website or to enjoy full functionality of the website and otherwise in conducting business with us, together with additional personal data collected when you visit the website. This information will include basic contact details such as your name, email address, age and location, but may also include more detailed information about you, for example your job or your leisure activities and interests.
The personal data Girls in Tech collects is used primarily to conduct and develop our business as a global non-profit focused on the engagement, education and empowerment of girls and women who are passionate about technology. The data may be processed by third party service providers acting on Girls in Tech’s behalf in order to provide services, Girls in Tech operates globally and has local chapters with whom we will share your data where required to conduct an annual member audit.
You have certain rights in respect of your personal data, including rights of access and, in certain circumstances, erasure, which you can exercise by contacting [email protected] in the first instance.
Information Registered Users Provide
In order to access or use certain portions of the website or enjoy the full functionality of the website, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us (e.g. to access certain content, to subscribe to newsletters or other communications or to comment on our blogs). The personal data you will be asked to provide includes name, location, age, profession and job, leisure activities and interests. The name and email address information is mandatory in order to register. Otherwise, the consequences of not providing the other information noted would mean that users wouldn’t receive any Girls in Tech newsletters despite subscribing.
Please note that information relating to your name, email address, age and gender are collected indirectly via EventBrite, Inc and Widgix, LLC (dba SurveyGizmo). On SurveyGizmo, we also ask, though it is not a required question to answer, which ethnicities our event/program participants are so that Girls in Tech can work to ensure we are supporting diversity.
Information we collect automatically from all Website Visitors
When you visit our website, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:
- your domain;
- your IP address;
- your date, time and duration of your visit;
- your browser type;
- your operating system;
- your page visits;
- other information about your computer or device;
- Internet traffic.
Why and on What Legal Basis we Use Personal Data
We take steps to ensure all processing and use of your personal data is justified. The following is an overview of the justified legal grounds for processing personal data, and the purposes for which we intend to use your personal data:
- The processing is in our legitimate interest to grow and operate as a global non-profit focused on the engagement, education and empowerment of girls and women who are passionate about technology, which are not overridden by your interests and fundamental rights:
- to operate, evaluate, maintain, improve and develop the website (including by monitoring and analyzing trends, access to, and use of the website for advertising and marketing);
- to send you marketing content about events, promotions, the website and our similar products and services (unless consent is required by local law);
- to protect and ensure safety of the website and our confidential and proprietary information;
- to manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations;
- to share your personal data with third parties in connection with potential or actual sale of Girls in Tech or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets; or
- You have consented to the processing:
- to market to you where consent is required by local law.
When the justification for processing is our legitimate interests, those interests are to use supplier, customer and website user data to conduct and develop our business activities with them and with others, while limiting the use of their personal data to those purposes that strictly support the conduct and development of our business within the reasonable expectation of the individuals concerned.
In addition, processing of sensitive personal data (such as racial or ethnic data) requires an additional justification. Our legal basis for this is: either the information has been made manifestly public by the data subject or we are pursuing our legitimate activities as a non-profit organization with the purpose of ensuring that we support diverse groups in technology.
We do not transfer data between chapters other than where required to conduct an annual member audit. Where this is the case, we will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will ensure that transfers outside your country are subject to additional safeguards required under local law – for example, the EU Model Clauses pursuant to Article 46(2) of the GDPR or by relying on certification schemes such as the EU – US Privacy Shield.
You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).
Disclosure of Personal Data
We appoint third party service providers (who will operate under our instructions), such as EventBrite, SurveyGizmo, Google Analytics and Zoho CRM, to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our products, services or the website. We share your personal data with these third parties to perform services, subject to appropriate contractual restrictions and security measures. As noted above, we also share data with chapters solely for the purpose of member audits.
The website is not for use by children under the age of 16 years and we do not knowingly collect, store, share or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the website to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify us and we will delete all such personal data.
Subject to your consent where required by local laws, we may communicate with you by SMS and email and messages via social media or website to tell you about our products and services. If you wish to opt-out of receiving marketing communications, please use the ‘unsubscribe’ button provided in our emails, or otherwise contact us directly and we will stop sending you communications.
We do not engage in automated decisions about you in connection with the website, but we will notify you if this changes.
Retention of Your Personal Data
We apply a general rule of keeping personal data only for as long as required to fulfill the purposes for which it was collected. In general, we retain your personal data for a period of time corresponding to a statute of limitation setting out the period during which legal claims may be filed in court. For example, we’ll retain your personal data during the statute of limitation period, to maintain an accurate record of your dealings with us and, as applicable, assert or defend against a legal claim. However, in some circumstances we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. With respect to marketing, we retain your personal data for 3 years after registration after which point you will be contacted regarding further retention of your personal data.
The website may contain links to third party sites. As we are not control responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Notice applies solely to personal data collected by our websites or in the course of our business activities.
- Right to withdraw consent – where applicable, you have the right to withdraw your consent at any time. For example, if you wish to opt-out of receiving electronic marketing communications, you can change your settings in your account on the website, use the ‘unsubscribe’ link provided in our emails or text the STOP number in our SMS, or otherwise contact us directly and we will stop sending you communications.
- Right of access, rectification and erasure – you have the right to request access to and obtain a copy of any of your personal data that we may hold, to request correction of any inaccurate data relating to you and to request the deletion of your personal data under certain circumstances. You can see and update most of this data yourself online, or by contacting us directly at [email protected].
- Data portability – where we are relying (as the justification for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to restriction of processing – you have the right to restrict our processing of your personal data (that is, allow only its storage) where:
- you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
- where the processing is unlawful but you do not want us to erase the personal data;
- where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defense of legal claims; or
- where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.
Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
- You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law. A list of data protection supervisory authorities is available here https://edpb.europa.eu/about-edpb/board/members_en.
- Right to object to processing (including profiling) based on legitimate interest grounds – where we are relying upon legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
- Right to object to direct marketing (including profiling) – you have the right to object to our use of your personal data (including profiling) for direct marketing purposes, such as when we use your personal data to invite you to our promotional events.
Please contact us at [email protected] if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal data.
Changes to this Notice
We will changes to this Notice from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. Any changes or updates we may make to this Notice will be posted on this page in advance so that you are aware of the impact to our data processing activities before you continue to engage. If we have your contact details on file we will notify you in advance of any significant changes to this Notice that are material or may impact you. For other changes, please check back frequently to see any updates or changes to this Notice.